When users have been installing Sennheiser's HeadSetup software, little did they know that the software was also installing a root certificate into the Trusted Root CA Certificate store. To make matters worse, the software was also installing an encrypted version of the certificate's private key that was not as secure as the developers may have thought. Similar to the Lenovo SuperFish fiasco, this certificate and its associated private key, was the same for everyone who installed the particular software. Due to this, it could allow an attacker who was able to decrypt the private key to issue fraudulent certificates under other domain that they have no control over. This would allow them to perform man-in-the-middle attacks to sniff the traffic when a user visits these sites. While these certificate files are deleted when a user uninstalls the HeadSetup software, the trusted root certificate was not removed. This would allow an attacker who had the right private key to continue to perform attacks even when the software was no longer installed on the computer. According to a vulnerability disclosure issued today by security consulting firm Secorvo these certificates were discovered when doing a random check of a computer's Trusted Root Certificate CA store. Learn more from OUR FORUM.

A new patent application suggests that Microsoft could be working on a device that will come with the multi-part camera system. According to the patent, the camera system will have a body and a flexible mount, and it would be able to reduce the tilt error. First noticed by us, the patent titled “Self-aligning multi-part camera system” was published by USPTO earlier today and filed by Microsoft in 2016. “In some multi-part electronic devices, at least two of the multiple parts can be positioned to overlap each other to provide a specific operation for the camera. As just one example, the overlapped mode may provide for additional focusing options based on using optical elements in a second part of the device with a main camera part in a first part of the device when the first and second parts of the device are overlapped,” Microsoft explains in the background section of the patent application. The device feature multiple displays or body parts with one part comprising a camera and there is another camera module which is mounted on the second part of the device. Want to know more visit OUR FORUM.

U.S. Supreme Court justices on Monday will take up Apple Inc's effort to bury a lawsuit seeking damages from the company for allegedly monopolizing the market for iPhone software applications and forcing consumers to overpay. The justices will hear arguments in Apple's appeal of a lower court's decision to revive the proposed class-action lawsuit by a group of iPhone users. The lawsuit accused the Cupertino, California-based technology company of violating federal antitrust laws by requiring apps to be sold through the company's App Store and then taking a 30 percent commission from the purchases. The iPhone users, including lead plaintiff Robert Pepper of Chicago, filed the suit in a California federal court in 2011, claiming Apple's monopoly leads to inflated prices compared to if apps were available from other sources. Though developers set the prices of their apps, Apple collects the payments from iPhone users, keeping a 30 percent commission on each purchase. One area of dispute in the case is whether app developers recoup the cost of that commission by passing it on to consumers. Developers earned more than $26 billion in 2017, a 30 percent increase over 2016, according to Apple. The company, backed by Republican President Donald Trump's administration as well as the U.S. Chamber of Commerce, told the justices in legal papers that siding with the iPhone users who filed the lawsuit would threaten the burgeoning field of e-commerce, which generates hundreds of billions of dollars annually in U.S. retail sales. The plaintiffs, as well as antitrust watchdog groups, said closing courthouse doors to those who buy end products would undermine antitrust enforcement and allow monopolistic behavior to expand unchecked. The plaintiffs were backed by 30 state attorneys general, including from Texas, California and New York. Full details can be found on OUR FORUM.

The UK Parliament is determined to get to the bottom of Facebook's data privacy practices, whether or not Mark Zuckerberg is willing to testify. Digital Culture, Media and Sports committee (DCMS) chairman Damian Collins used an uncommon process to force the founder of software developer Six4Three to hand over internal Facebook documents while he was on a business trip to London. The files reportedly include details of Facebook data decisions that enabled the Cambridge Analytica scandal, including emails between executives and conversations with Zuckerberg. Six4Three had taken action against Facebook after claiming the site was aware of the potential consequences of its privacy policies and intentionally drawing attention to the loophole that Cambridge Analytica used to gather information. Facebook has maintained that the assertions "have no merit" and that it intended to fight the assertions in court. The files are already subject to an order from a California court, which would restrict them from being published in the US. Facebook has already called on the DCMS committee to both avoid reviewing the documents and to bring them back to either Facebook or its legal counsel. However, it's not certain that Facebook can actually force this since Parliament was acting under its own jurisdiction. The rest of this story can be found on OUR FORUM.

Microsoft’s current market cap has overtaken Apple’s, after living for nearly a decade in the shadow of the Cupertino company. At the time of writing Microsoft’s intra-day Market Cap is now 751.88B, higher than competing company Apple Inc. which is now 749.75B, by more than 2 billion dollars. Amazon (currently 741.90B) and Apple were dubbed the world’s most valuable tech companies by Market Cap earlier this year as they crossed the $1 trillion mark. With Microsoft now overshadowing all three, including Alphabet Inc, the firm now looks to be the most valuable tech company of the Silicon Valley giants. As can be seen from the graph, the last time Apple and Microsoft’s market capitalization came close to each other was way back in 2010. Investors are concerned about slowing revenue growth at the so-called FANG companies (Facebook, Apple, Netflix, and Google), a club of high flyers Microsoft has traditionally been excluded from. Now they are betting company spending on cloud services and software will remain strong as companies strive to increase efficiency and productivity, while Facebook and Google are increasingly coming under scrutiny for their consumer data practices. See the graph and read more on OUR FORUM.

Following a hack that resulted in leaking about 808,000 email addresses and over 1.8 million usernames and passwords, a social network website in Germany received a fine of EUR 20,000 from the Baden-Württemberg Data Protection Authority. In July this year, flirty chat platform Knuddels.de suffered a data breach and the information stolen from its servers was published online in clear form. A member of the staff said at the time that the incident affected all users that had an account with the service or a username for the chat platform on July 20, 2018. According to a post from another team member, 330,000 of the leaked email addresses were verified, and once Knuddels learned of the leaks (one on Pastebin, another on Mega cloud storage service), it improved security measures, alerted the users and reset their passwords. It was later discovered that the website did not apply any form of protection for sensitive information such as passwords and stored them in plain text. If you think that we made a type about the penalty to be paid and it is missing zero, it is not. To remove all confusion, converted to other currencies, the fine incurred by Knuddels.de is $23,000, or around £18,000. This is the first penalty in Germany under the European Union General Data Protection Regulation (GDPR), which entered into force in May this year. Get more involved and read more on OUR FORUM.